M&S Data Breach: Hackers Access Customer Data, Online Orders Halted

Marks & Spencer Data Breach: Customer Data Accessed in Cyberattack London, UK – Marks & Spencer (M&S) confirmed a data breach on May 13, 2025, revealing that hackers accessed customer personal information. While the retailer declined to state the exact number of affected customers, they assured that financial data, such as payment details, remained secure. "There is no evidence that the information has been shared and it does not include usable card or payment details, or account passwords; there is no need for customers to take any action." said Stuart Machin, M&S CEO in a statement. The cyberattack, which occurred three weeks prior, also led to temporary disruptions in M&S's online ordering system, resulting in empty shelves in some stores. The impact of such breaches is significant, potentially taking months to fully recover from, according to cybersecurity expert Graham Cluley. The incident highlights the increasing vulnerability of UK retailers to cyberattacks, with other major brands like Co-op and Harrods also targeted recently. The financial impact on M&S is substantial, with estimated daily sales losses exceeding £3 million. The incident serves as a stark reminder of the importance of robust cybersecurity measures for businesses and the potential consequences of data breaches for both companies and consumers.